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i:n.t.he.claims 

Amended claims fallow. 

1. (Currently Amended) A program stored on a computer-readable medium for 
controlling a managing computer to manage malware protection within a computer 
network containing a plurality of network connected computers, said computer program 
product comprising: 

receiving code for receiving at said managing computer a plurality of log data 
messages identifying detection of malware by respective ones of said plurality of network 
connected computers; 

detecting code for detecting from said plurality of log data messages received by 
said managing computer a pattern and a network-wide threshold of malware detection 
across said plural ity of network connected computers matching at least one 
predetermined trigger, the network -wide threshold being applied to a sum of detections, 
the detections each being associated with a different one of the network connected 
computers; and 

action performing code, responsi ve to detection of one of said at least one 
predetermined trigger to perform at feast one predetermined anti-malware action; 

wherein predefined network -wide thresholds and patterns are provided as 
templates; 



wherein the predefined network-wide thresholds and patterns are customized to 
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2. (Previously Presented) A program stored on a computer-readable medium as 
claimed in claim i, wherein said plurality of network connected computers each have a 
malware scanner for scanning computer tiles to detect malware within said computer 
files 

3. (Previously Presented) A program stored on a computer-readable medium as 
claimed in claim 2, wherein said malware scanner includes malware definition data for 
identifying malware to be detected. 

4. (Previously Presented) A program stored on a computer-readable medium as 
claimed in claim 3, wherein said at least one predetermined anti -malware action includes 
forcing an update of malware definition data being used by one or more of said plurality 
of network connected computers. 

5. (Previously Presented) A program stored on a computer-readable medium as 
claimed in claim 2, wherein said at. least one predetermined anti -malware action includes 
altering at least one scanner setting of at least one of said malware scanners such that said 
at least one of said malware scanners performs more thorough malware scanning. 

6. (Previously Presented) A program stored on a computer-readable medium as 
claimed in claim I, wherein said at least one predetermined anti-malware action includes 
isolating at least one of said network connected computers from other parts of said 
computer network. 
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7. (Previously Presented) A program stored on a computer-readable medium as 
claimed in claim 1, wherein said managing computer stores said plurality of log data 
messages within a database, 

8. (Previously Presented) A program stored on a computer-readable medium as 
claimed in claim 7, wherein said detecting code is operable to query said database. 

9. (Previously Presented) A program stored on a computer-readable medium as 
claimed in claim 7, wherein said database includes data identifying at least one of: 

maiware protection mechanisms used by respective network connected 
computers; 

versions of maiware protection computer programs used by respective network, 
connected computers; 

versions of maiware definition data used by respective network connected 
computers; and 

security settings of maiware protection mechanisms used by respective network 
connected computers. 

10. (Currently Amended) A method of managing maiware protection within a 
computer network containing a plurality of network connected computers, said method 
comprising the steps of: 
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receiving at a managing computer a plurality of log data messages identifying 
detection of malware by respective ones of said plurality of network connected 
computers; 

detecting from said plurality of log data messages received by said managing 
computer a pattern and a network-wide threshold of malware detection across said 
plurality of network connected computers matching at least one predetermined trigger, 
the network-wide threshold being applied to a sum of detections, the detections each 
being associated with a different one of the network connected computers; and 

in response to detection of said at least one predetermined trigger, performing at 
least one predetermined anti-malware action. 

•^heresn predefined netwoik-wide thresholds and patterns ire provided as 
opiates; 

wherein the predefined network-wide thresholds and patterns are customized to 
particular circumstances . 

1 1. (Original) A method as claimed in claim 1.0, wherein said plurality of network 
connected computers each have a malware scanner that serves to scan computer files to 
detected malware within said computer files. 

12. (Original) A method as claimed in claim 1 1, wherein said malware scanner 
uses malware definition data to identify malware to be detected. 
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13. (Previously Presented) A method as claimed in claim 12, wherein said at least 
one predetermined anti-malware action includes forcing an update of ma! ware definition 
data being used by at least one of said plurality of network connected computers. 

14. (Previously Presented) A method as claimed in claim 1 1, wherein said at least 
one predetermined anti-malware action includes altering at least one scanner setting of at 
least one ma! ware scanner such that said malware scanner performs more thorough 
malware scanning 

15. (Previously Presented) A method as claimed in claim '10, wherein said at least 
one predetermined anti-malware action includes isolating at least one of said network 
connected computers from other parts of said computer network. 

16. (Original) A method as claimed in claim 10, wherein said managing computer 
stores said plural ity of log data messages within a database. 

17. (Previously Presented) A method as claimed in claim 16, wherein said 
detecting step includes querying said database. 

18. (Previously Presented) A method as claimed in claim 16, wherein said 
database includes data identifying at least one of: 

malware protection mechanisms used by respective network connected 
computers; 
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versions of malware protection computer programs used by respective network 
con n ected computers; 

versions of malware definition data used by respective network connected 
computers; and 

security settings of malware protection mechanisms used by respective network 
connected computers. 

19. (Currently Amended) Apparatus for managing malware protection within a 
computer network said computer network containing a plurality of network connected 
computers, said apparatus comprising: 

receiving logic for receiving at a managing computer a plurality of log data 
messages identifying detection of malware by respective ones of said plurality of network 
conn ected computers; 

detecting logic for detecting from said plurality of log data messages received by 
said managing computer a pattern and a network-wide threshold of malware detection 
across said plurality of network connected computers matching at least one 
predetermined trigger, the network- wide threshold being applied to a sum of detections, 
the detections each being associated with a different one of the network connected 
computers; and 

action performing logic, in response to detection of at least one predetermined 
trigger, for performing at least one predetermined anti-mal ware action; 

wherein predefined network-wide thresholds and patterns are provided as 
templates: 
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wherein.the predefined network -wide thresholds and.patten^s are.custMfi^ed.io 
particular ci rcumstances . 

20. (Previously Presented) Apparatus as claimed in claim 1.9, wherein each of said 
plurality of network connected computers have a malware scanner that serves to scan 
computer files to detected malware within said computer files, 

21 . (Previously Presented) Apparatus as claimed in claim 20, wherein said 
malware scanner includes malware definition data to identify mahvare to be detected. 

22. (Previously Presented) Apparatus as claimed in claim 21, wherein said at least 
one predetermined anti-malware action includes forcing an update of malware definition 
data in at least one of said plurality of network connected computers. 

23. (Previously Presented) Apparatus as claimed in claim 20, wherein said at least 
one predetermined anti-malware action includes altering at least one scanner setting of at 
least one malware scanner such that said malware scanner performs more thorough 
malware scanning. 

24. (Previously Presented) Apparatus as claimed in claim 19, wherein said at least 
one predetermined anti-malware action includes isolating at least one of said network 
connected computers from other parts of said computer network. 
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25. (Original) Apparatus as claimed in claim 19, wherein said managing computer 
stores said plurality of log data messages within a database. 

26. (Original) Apparatus as claimed in claim 25, wherein said delecting logic is 
operable to query said database. 

27. (Previously Presented) Apparatus as claimed in claim 25, wherein said 
database includes data identifying at least one of; 

malware protection mechanisms used by respective network connected 
computers; 

versions of malware protection computer programs used by respective network, 
connected computers; 

versions of malware definition data used by respective network connected 
computers; and 

security settings of malware protection mechanisms used by respective network 
connected computers. 

28. (Cancelled) 



29. (Cancelled) 
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30. (New) A program stored on a computer-readable medium as claimed in claim 
L wherein said at least one predetermined anti-malware action is targeted to a particular 
threat so as to reduce network traffic. 

31 . (New) A program stored on a computer-readable medium as claimed in claim 
1, wherein a plurality of said network connected computers associated with said 
detections utilize outdated maiware definition data. 

32. (New) A program stored on a computer-readable medium as claimed in claim 
31, wherein said at least one predetermined anti-malware action includes updating only 
said network connected computers that utilize said outdated maiware definition data, 

33. (New) A program stored on a computer-readable medium as claimed in claim 
1, wherein a plurality of said network connected computers associated with said 
detections are connected to a particular server. 

34. (New) A program stored on a computer-readable medium as claimed in claim 
33, wherein said at least one predetermined anti-malware action includes isolating only 
said particular server and said network connected computers connected thereto. 



